CTO INSIDER BLOG:USING TECHNOLOGY TO IMPROVE HOW YOU DO BUSINESS

Does Your Security Have Enough Layers?

When I was in the U.S. military, I learned about the power of “defense in depth.” This defense strategy, that dates back to beginning of time, involves employing multiple layers of defense to resist the rapid penetration of attackers. The attackers may overcome one barricade, but they cannot get through them all. At minimum, it slows down the attack to give you time to respond more effectively.

Today, I bring that same layered security strategy to protect IT environments. Through layered defense (as it is often called), organizations combine multiple mitigating security controls to protect their users, data and resources.

While a single-focused security solution can stop specific attacks, it is no longer enough to keep your data and resources safe from the advanced capabilities of modern-day malware. This advanced malware is surprisingly sophisticated – and always changing. Even more concerning is that it is easier than ever for even non-developers to create and distribute malware with toolkits that can be found on the dark web. View how an effective attack comes together.

Small Businesses Targeted Small businesses, with fewer than 250 employees, actually are the prime targets for these attacks because they:

Often lack adequate security measures;

Do not have the resources to “fight back” against ransomware, so ransoms are paid back at higher rates than larger enterprises;

Offer entry to larger businesses (remember the hack on Target in 2013. That actually was achieved through the retail giant’s HVAC vendor); and

Provide a reduced risk to attackers as they are less likely to be investigated.

Over the past five years, small businesses have increasingly taken the brunt of the attacks. They represented 43 percent of the attacks in 2015, up from 18 percent in 2011, according to the 2016 Symantec Internet Security Threat Report. In 2015, larger enterprises with more than 2,500 employees received 35 percent of the attacks while medium businesses represented 22 percent, as shown in the chart to the right.

Creating a Layered DefenseThe best strategy against today’s threats is to employ a Defense-in-Depth “Layers” Strategy. This includes deploying multiple, overlapping and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method.

For example, it is no longer sufficient to have a firewall or an antivirus software on your server or workstation and a password on your Wi-Fi. You need all three, plus a few additional items.

An effective IT defense strategy starts with knowing where you’re most vulnerable to attacks. Here’s the most common attack points (or vectors as they are sometimes called), according to a 2016 Security Report from McAfee Labs:

Browser (downloading software infected with malware)

Brute force to try to crack a password/PIN

Denial of service (attacker overloads your server with more requests than it can process)

An effective security solution should protect against at least five of these attack points. Am I Protected Enough? Marco developed an extensive Layered Security Map that outlines the purpose of each key security solution, the layers of security it provides and the number of common attack points it protects.

Of course, organizations want all the attack points covered. So, that’s why they need to use a variety of security solutions. It’s common for even a small to medium business to use several security solutions to effectively implement a depth in defense strategy across their IT environment.

Mapping which solutions are right for your organization is an essential task. You don’t have to do it alone. Contact us today to learn more about the Layered Security Map and the solutions needed to effectively protect your organization.

Security threats are rising with an increasing emphasis on smaller businesses. Hackers see them as easy targets and gateways to larger businesses. The famous attack on Target in 2013 was actually...Read more

Tech jobs are multiplying nationwide, up 7.3 million from last year. The strong majority of those jobs (6.9 million) are at technology companies – like Marco – but a growing number also are within...Read more

In the wake of the devastation caused by Hurricanes Harvey and Irma, questions have been raised about the potential for a business to continue after a disaster. Is it even possible? Yes. But it does...Read more

What’s the best marketing pitch you’ve received lately? I bet it did not feel like a pitch at all. I prefer to not feel like I am being sold to – or sold out – when someone’s marketing to me. ...Read more

As the CTO and CIO at Marco, I get inundated – I mean inundated – with marketing solicitations. It used to be primarily mail, some email and the occasional call. Now, I can spend a good chunk of my...Read more

Security threats change every day. Are your employees ready to fight against them? It’s a question that’s often on my mind. Today, hackers do not hack systems; they hack people. A recent IBM study...Read more

A friend recently asked, “What are key ways you know you need Managed IT Services?” Instantly, a rendition of the Jeff Foxworthy redneck one liners started running through my head. They were not...Read more

In any given week, I will pull up my electronic calendar and find myself double or even triple booked. It’s become laughable. How can this be? Isn’t technology supposed to prevent this? I spend the...Read more

Technology is supposed to make us more productive – especially in our meetings. We have electronic calendars, e-communication tools and can start a meeting with anyone – anywhere in the world – with...Read more

In communities where the construction of new manufacturing facilities once adorned the headlines, we’re seeing a new economic player: data centers. We’re creating and storing more information...Read more

I recently had one of my worst customer service experiences, if not the worst. It all started with the inability to connect to the Internet at a business that my family operates. It meant the...Read more

When I was in the U.S. military, I learned about the power of “defense in depth.” This defense strategy, that dates back to beginning of time, involves employing multiple layers of defense to resist...Read more

As I walked with the Marco team into the airport to return home from a recent trip to Costa Rica, my first thought was, “There has to be a better way.” Some passengers walked straight to the...Read more

We’re building factories. While that’s a sentence I never expected to say as Chief Technology Officer of Marco, it’s not what you think. I am not talking about the traditional bricks-and-mortar...Read more

I have piles upon piles of notepads of my handwritten notes filed in my desk drawer. Some of them date back quite far and yes, I still pull them out and refer to them. Sometimes, it takes some...Read more

As a technology provider, we have to change our business model constantly to stay relevant and deliver value to our clients. That means being willing to update the products and services we sell and...Read more

As Chief Technology Officer, I have helped provide the strategic direction of the technology and related services that Marco provides. In recent years, that role has become more demanding due to the...Read more

I remember when my oldest daughter was two. Like many kids her age, she desired to do things herself. It didn’t matter if it took her longer to do it. As she grew older, it meant I waited patiently...Read more

I’m often asked to pull out a crystal ball and talk about where technology is going. Preparing for the future and identifying the right technology for it is a main role I play as Chief Technology...Read more

You know the saying that there is no such thing as a free lunch. The same is true when it comes to Wi-Fi. It’s become so common to jump on a network - for free - after quickly clicking “I agree” to...Read more

If you’re using your birthday, anniversary, kids’ birthdays or any information that can be found online – including your social media account – in your passwords, your account could easily be...Read more

My job is to stay ahead of the technology curve. That used to mean looking out three to five years – or even 10 years when I first started my career. Today, we expect some technology to be obsolete...Read more

There has been quite a bit of talk – and jokes – about the “Russian attackers” in recent days. So is the threat real and how does it impact your organization?Russian hackers claim they will try to...Read more

CTO Insider

Security threats are rising with an increasing emphasis on smaller businesses. Hackers see them as easy targets and gateways to larger businesses. The famous attack on Target in 2013 was actually...Read more

Leadership Blog

Papers rustle. The occasional nod. A chuckle. Eyes gaze out the window. Keys click on a computer. Nails tap the screen of a smartphone. A phone vibrates the table. Heads turn. These all tell us...Read more

Technology Insights Blog

There's no doubt about it, end-user support is essential. Whether your business is small, medium or enterprise, day-to-day support has to happen. This includes patches, upgrades and troubleshooting,...Read more